Security gain from NAT (was: Re: Cool IPv6 Stuff)

Brandon Butterworth brandon at rd.bbc.co.uk
Mon Jun 4 23:16:45 UTC 2007


> I posit that a screen door does not provide any security. A lock and
> deadbolt provide some security.  NAT/PAT is a screen door.
> Not having public addresses is a screen door.  A stateful inspection
> firewall is a lock and deadbolt.

It's tedious getting in and out with a lock and a deadbolt so we
don't bother. The screen door stops some bugs flying in.

I don't see why people make a big deal of this, to the extent of trying
to stop people doing NAT if they want to in v6. People can break their
connection if they want; for some, a box that does what a preconfigured
NAT box does is more security than they would have if left to configure
something else (child wants some p2p, child opens ports and a few
others over time, firewall is pointless).

Assuming NAT cannot exist is what annoys me as it also breaks a lot
of proxy firewalls too by trying to force an end to end model that
doesn't suit all.

Back to "rabbit season" "duck season" discussion...

brandon


